Data Security

When using the integration hub, you own and secure your data as required.
The platform also provides features which allow users to effectively secure their data as
needed. This includes authentication/authorization, data isolation, and encryption.

Read First!

Our goal is to ensure our tools allow users to secure there data appropriately, however it is the responsibility of user to ensure their data is secured appropriately.

Our Data Policy

Our policy is very simple, you (the user) own and manage your data. We do not store or receive any processed data in our central servers (excluding metadata). In addition, we do not (and will not) sell data, metadata, aggregated data or any other user data or information.
Our revenue model is based on providing premium services, not by selling data.

What data do we store?

User logins and repositories (user passwords are hashed/salted)

Database connection information. Database passwords are encrypted and can only be decrypted by the remote agents encryption key.

Other data integration information such as jobs, schedules, and transforms

What we do not store?

Encryption keys. These are stored with the locally installed remote agent.

Data Isolation

Data isolation achieved by using firewalls and networks (and in some scenarios "air gaps") to create barriers
between the data storage platform and unwanted users.
The Integration Hub does not require data to be moved from these isolated areas.

Local Network Isolation

When the database is stored on the local network (but not
available on the
internet), a remote agent is installed on the local network which will perform the data processing remotely.

Strict Isolation

When the database is on a highly secured network, which does not
have outbound access to the central server, a development platform should be created outside this area to allow building and testing
of data jobs. The tested jobs can be exported and run in isolation on the secured network.

Publishing Isolated Data

When data is restricted to a local network, however there is a requirement to publish this outside the network, the Integration Hub provides an optional
proxy server to allow this.

Encryption

Data Transmission

End User

All data between the user, and the web server or the remote agent and encrypted via SSL security certificates.
The Integration Hub uses "Let's Encrypt" to automatically generate SSL certificates.
If the connection has been explicitly set to not use encryption a warning will be displayed next to the remote
agent.

Remote Agent

The remote agent - database communication may or may not be encrypted depending on the features of the
database being connected to.
Best practices are to configure databases to encrypt data, or to ensure the remote agent/database connections
are on a secured network.

Data Storage

Encrypting Data

Data encrypted by the integration hub uses a composite encryption system where one part of the key is stored
centrally and attached to each hub, and the other part of the key is stored with the remote agent.
This ensures that if either the central web store or the remote agent are compromised the encrypted data will
still be safe.

Column Encryption

Individual columns can be encrypted by specifying the security flag on the column metadata. This
provides the following options:

Fast Encrypt - Performs a 5 iteration, salted encryption.

Slow Encrypt - Performs a 1000 iteration, salted encryption.

Hash - Securely hashes/salts the field.

Password Encryption

Passwords which are used to authenticate database connections are stored centrally with
a slow/salted encryption. When exporting or migrating hubs, only the encrypted values are
exported.

Variable Encryption

Variables which have the "Encrypt" option specified are stored centrally with a slow/salted
salted encryption. When exporting or migrating hubs, only the encrypted values are available.